Doc Pop News Drop: The CCPA vs GDPR

Doc’s WordPress News Drop is a weekly report on the most pressing WordPress news. When the news drops, I will pick it up and deliver it right to you.

In this week’s News Drop, we talk about the California Consumer Protection Act of 2018 and how it might affect WordPress users. We also talk about how the CCPA compares to the GDPR.

Love WordPress News, but hate reading? My name is Doc and this is Doc Pop’s News Drop.

We’ve heard a ton about the GDPR, the General Data Protection Regulation that went into affect a few months ago, but you probably haven’t heard much about California Consumer Protection Act, which was just signed into law a few weeks ago. I have a feeling that’s going to change in the next few years, so in this week’s episode we are going to talk about this new law. What is it and how does it compare to other privacy laws like the GDPR?

Before we do though, I just want to remind you that I am not a lawyer and this should not be considered legal advice. This is just a round of the bill in it’s current form, so if you have any questions or want to make sure you are compliant, you should definetly talk to a lawyer.

The CCPA is an online privacy act that closely mirrors the GDPR. It was originally intended to be put up for vote as a ballot initiative in November called the California Consumer Privacy Act of 2018, but surprisingly it was quickly introduced and passed by the California state legislature before the ballot was added. The bill was signed into law on June 29th and is slated to go into effect on January 1st, 2020.

Similar to the GDPR, the CCPA allows consumers to request a copy of any data a US organization might be storing on them, as well as request the deletion of that data. Failure to comply with these requests can result in fines.

Luckily, WordPress introduced many of these privacy features to WordPress version 4.9.6 in order to help sites become GDPR complaint, including the ability to share what data you’ve collected and easy ways to delete it upon request.

Another similarity between CCPA and GDPR is the requirement to report data breaches to consumers. These affected consumers have the right to take civil action against companies if their data is exposed, by hackers or by accident, damages of up to $750 per consumer for each incident.

Now lets talk about how the CCPA differs from the GDPR.

One of the biggest differences is that the GDPR requires consuemrs to opt-in to data collection, but the CCPA only offers consumers the right to opt-out. In other words, the CCPA still allows sites to collect your data when signing up to a new site, or making a purchase online. Where the GDPR specifically requires sites to get consent before collecting any data. This is a huge difference.

The law specifies that sites are not allowed to treat you any different whether or not you choose to opt-out. So if you choose to do so, sites are not allowed to throtlle loading time or less features than they would to other consumers.

Sites are required to inform users in California about what types of data is being collected as well as what they will do with your data, before they collect it.

Most interestingly, the CCPA will allow business to offer users financial benefit’s in exchange for the user’s consent of data collection and processing.

Children between 13 and 16 years of age must affirmatively authorize the sale of their personal information. If the child is under the age of 13 years old, a parent or guardian must authorize the sale of information for them.

As I mentioned before, California Consumer Privacy Act of 2018 will not go into effect until 2020. So far, the law was added with very little fight from major companies, but I think we’ll see a huge legal battle between now and then, so expect to see plenty of changes to the law in the next few years.

Again, I’m not a lawyer, so please consult a lawyer if you need professional advice on the California Consumer Protection Act.

We’d love to hear your thoughts, will other states start adopting the CCPA or something similar as well? Let us know in the comments below and be sure to tune in next week for more WordPress news.